ET MALWARE ELF/Emptiness v1 DNS Flood Command Inbound
Sourceet/open
Fileemerging-malware.rules
CreatedAugust 9, 2019
UpdatedMarch 7, 2024
Classificationtrojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE ELF/Emptiness v1 DNS Flood Command Inbound"; flow:established,to_client ; content:".dns|20|"; depth:5; fast_pattern; pcre:"/^((\d{1,3}\.){3}\d{1,3}|((?:https?\x3a\/\/)?[a-z0-9\-]{1,30}\.){1,8}[a-z]{1,8})/Ri" ; reference:url,blog.netlab.360.com/emptiness-a-new-evolving-botnet/ ; classtype:trojan-activity; sid:2027838; rev:2; metadata:affected_product Linux, created_at 2019_08_09, malware_family Emptiness, confidence High, signature_severity Major, tag DDoS, updated_at 2024_03_07;)
References
Metadata
affected productLinux
created at2019_08_09
malware familyEmptiness
confidenceHigh
signature severityMajor
tagDDoS
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!